How do you monitor for unauthorized access into your servers? - TechRepublic
General discussion
July 6, 2009 at 11:41 AM
neon samurai

How do you monitor for unauthorized access into your servers?

by neon samurai . Updated 16 years, 11 months ago

I thought this would be an interesting topic while I do my own reading on the side.

For the system admins, how do you watch for unauthorized access? Failed passwords are pretty obvious; grep the log for “denied” and start validating what comes up. Do you have a trick for spotting such access where Eve has come in with a valid but “borrowed” account?

Off the top of my head, I’m thinking a daily check of logins compared to valid work times This would limit the blind spot to Eve knowing the staffer’s regular work times. Now we have to check for connection source along with times. The blind spot is now Eve having the staffer’s regular work schedule and location by spoofing or physical visit.

For my part, I’ve been given the task of writing up the company’s process outline for this very thing and thought it may be a beneficial discussion for the other sys admins also.

This discussion is locked

All Comments